| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-02-05 | initial WIP for php8; bump php version requirement to 7.0 | Andrew Dolgov | |
| 2020-10-11 | Ensure proxy_all setting is saved in database. | JustAMacUser | |
| 2020-09-22 | remove a lot of stuff from global context (functions.php), add a few helper ↵ | Andrew Dolgov | |
| classes instead | |||
| 2020-09-17 | * use get_random_bytes() for CSRF token | Andrew Dolgov | |
| * get_random_bytes: use PHP7 random_bytes() if it is available * validate CSRF token using hash_equals | |||
| 2020-09-15 | af_proxy_http: require separate token to access imgproxy | Andrew Dolgov | |
| 2020-09-15 | af_proxy_http: never print received data directly, always redirect to cached_url | Andrew Dolgov | |
| cache/getUrl: basename() passed filename just in case | |||
| 2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov | |
| - fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | |||
| 2019-08-15 | pluginhost: add helper methods to get private/public pluginmethod endpoint URLs | Andrew Dolgov | |
| 2019-08-15 | fix several leftover mentions of old (renamed) class name, duh | Andrew Dolgov | |
| 2019-08-15 | af_zz_imgproxy: rename to af_proxy_http, use priority hook loader | Andrew Dolgov | |
 |
index : tt-rss.git | |
| Unnamed repository; edit this file 'description' to name the repository. | Linux User |
| summaryrefslogtreecommitdiff |